A zero-day threat exploits an unknown computer security vulnerability. Attackers can exploit zero-day vulnerabilities through different channels. Some common channels include email attachments, drive-by software downloads, and web browsers, including advertising.

Typically, a zero-day attack takes advantage of a bug that neither developers nor end users are aware of. By discovering the bug before the developer does, a hacker can take advantage of it and plant malware or a virus through the vulnerable channel. The vulnerability period for a zero-day threat can range from a few minutes to a few years.

For example, Microsoft Internet Explorer shipped to end users for over seven years with a vulnerability that can allow remote code execution. The bug present in Adobe Flash had the capability of allowing malicious advertisers or website developers to push sketchy downloads onto end users' machines. The risk here can range all the way from simple adware up to malware and stolen data.

Most traditional security models, including endpoint security, antivirus and firewalls, generally cannot stop zero-day threats, as the threat is unknown until it is exploited. Developers cannot stop the unknown. So how does one protect a company network from unknown threats?

Netfast Cyber Security Solutions – Penetration Testing

Penetration testing is designed to replicate the actions of a hacker by actively attempting to hack a system. The intended goal is to hire a good-guy hacker to breach the network before a bad guy gets in.

There are three main areas of penetration testing:

Social Engineering: As PWC’s research proved, humans, specifically employees, cause most security issues in a business environment. Processes and procedures are put in place by IT to mitigate this risk, but who is checking to make sure they are followed? Our good-guy hacker will use tactics such as phone and email to find process flaws that may reveal sensitive data.

Application Testing: using software and applications to scan the network and find probable holes. This includes SQL injection and bots, amongst other channels.

Physical Penetration Testing: testing the physical security of facilities that house sensitive information and devices.

After the three areas are complete, your Netfast consultant will provide a detailed report that outlines the threats found and suggestions for resolving them. They will then work with our engineering services team and our best-in-class partners to implement remediation if needed.